This message usually appears when one tries to login from a new location or from a new device the first time. It's nothing to do with Knox, though. It's a security measure of the google account.... It happened to me also one time when I was abroad. But I have got a google account because I have paid apps I want to use on other devices as well. ..your tablet is a new one, not a used one? Sure it was never associated to a google account?
Brandnew, bought it two weeks before that happened, when I visited Germany.... (even got the 19% tax back, when I got the stamp on a paper at the airport, plus the tax for the notebook too! Nice system, no wonder they are export world champion, ruining everybody else...) I understand the purpose, it is supposed to "protect" those who "loose" theirs... at the cost of those who are not dumb enough. And anyway, seems, all a thief needs to do is flash the firmware, and your stolen Tablet will work just fine. It is called bloatware... good I hate these companies, Always coming up with garbage that no one asked for, but not giving what you want.
To prevent this there is the reactivation lock to be enabled. (Uses Samsung account). Other devices have got Google FRP (FactoryResetProtection) and / or OEM lock. But using that and tinkering with own OS it may lead to own lock out of the own device, be careful. With reactivation lock enabled one cannot flash anymore, Odin refuses to flash if reactivation bit is enabled at the bootloader. Also factory reset will ask for Samsung (not Google) account PW to continue. (Not good if your OS is bootlooping and needs to be reset / re-flashed). We once came into immense trouble when dm-verity kicked in and the device needed to be re-flashed in order to boot again, but it had an active FRP / OEM lock enabled....(Huawei, though)... Compared to my first Android device (Galaxy S) things in this regard have become worse. If you change the system partition it refuses to boot (dm-verity since Android 5.1, needs to be patched to disable) and changing recovery.img or boot.img causes tripping of Knox counter since their signatures do not match anymore. Bootloaders are signed a long time already.... Actually one should be able to uninstall any preinstalled app completely from system without trouble.... We purchase a product not a device. And we do not really own it. By purchasing it we become a part of the product... Things have changed.
I totally agree with your conclusions. The fact that reality by now is so, made me stay more or less away from the whole business from the beginning. I bought a Huawei tablet, which was quite phantastic as far as the quality goes, but, as you write, it allows no access, so I returned it On the other hand... my Samsung had me locked out. It wanted me to log in with a Google account, which does not exist, and even if it had, there was absolutely no possibility to enter any data, like google log-in. But.... Odin 13 DID let me flash the firmware... The story is basically the same with a lot of software for regular computer use. I have stopped updating several of them. And they still work the way they used to, when I began using them. Best example is ccleaner, where any newer versions insults you with the Avast garbage. Filehippo and others still offer 5.08 of ccleaner, which still makes it YOUR software. "Things have changed." I rather not go into the reasons why that was possible and who made it possible... But I am glad I belong a generation that grew up in a world without computers, and I remember that most things that made my life great, are no longer possible, because of the control computers offer to the powers that be. So I use Win 7 and a phone about twice a year... the result is amazing: Whenever I am in foreign country visiting old friends. On other computers I check, and I am happy to find out once again, that there is absolutely NO data at all about the actual me to be found, when googling or whatever. Abolishing cash will take at least two more decades, so that makes me safe from "them"... ...